Manage Scan Results

Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.

Depending on the state of a scan result, you can perform different management actions (for example, you cannot download results for a scan with errors).

For more information, see Scan Results.

View Scan Results

Note: Tenable Security Center does not include all agent scans in the scan results table. If an agent scan imports scan results identical to the previous agent scan, Tenable Security Center omits the most recent agent scan from the scan results table.

Note: If you added the parent node of a Tenable Nessus Manager cluster as a scanner in Tenable Security Center, Tenable Security Center displays scan results for all child nodes. For more information, see Clustering in the Tenable Nessus User Guide.

Note: For each agent synchronization job result for a child node, Tenable Security Center imports a metadata record containing no vulnerability data. This metadata record appears as a second result on the Scan Results page. To prevent Tenable Security Center from importing the metadata file, configure and launch agent scans from Tenable Security Center, as described in Agent Scans.

To view a list of scan results:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. View details about each scan result.

    • Name — The name for the scan associated with the result.

    • Type — The type of scan that generated the scan result.

    • Scan Policy — The name of the scan policy that generated the scan result.

    • Scanned IPs — The number of IP addresses scanned.

    • Group — The group associated with the scan.

    • Owner — The username for the user who added the scan.

    • Duration — The total time elapsed while running the scan.

    • Import Time — The date and time Tenable Security Center completed the scan result import.

    • Status — The status of the scan that generated the scan result. For more information, see Scan Status.

    • Freeze Window Hit - Whether targets were excluded from the scan by one or more active freeze windows. To see which targets were excluded, view the scan result details. This column appears only if you have enabled Enable Scans Complete With Freeze Window Exclusions in the Configuration Settings.

  4. To view a set of scan results:

    1. Right-click the row for the scan.

      The actions menu appears.

      -or-

      Select the check box for the scan.

      The available actions appear at the top of the table.

    2. Select Browse.

      The Vulnerability Summary analysis tool appears, populated with data from the scan.

  5. To view additional details for a scan result, see View Scan Result Details.

View Scan Result Details

You can view details for any scan result. For more information, see Scan Results.

To view scan result details:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. Right-click the row for the scan result.

    The actions menu appears.

    -or-

    Select the check box for the scan result.

    The available actions appear at the top of the table.

  4. Click View.

    The View Scan Result page appears.

    Section

    Action

    General

    View general information for the scan result.

    • Name — The scan result name.

    • Type — The type of scan that generated the scan result.

    • Scan Policy — The name of the scan policy that generated the scan result.

    • Repository — The name of the repository associated with the scan policy that generated the scan result.

    • Scanned IPs / Total IPs — The number of IP addresses scanned compared to the total number of IP addresses targeted in the scan.

    • Status — The scan status. For more information, see Scan Status.

    • Scanner Summary — The name of the scan and how many IPs were scanned.

    • Freeze Window Excluded Targets - The targets or target ranges that were excluded from the scan by one or more active freeze windows. If a target was excluded by multiple freeze windows, the scan result details will display only the first freeze window that the scan encountered

      This appears only if you have enabled Enable Scans Complete With Freeze Window Exclusions in the Configuration Settings.

    • Start Time — The date and time Tenable Security Center started the scan.

    • Finish Time — The date and time Tenable Security Center completed the scan.

    • Status — The scan status. For more information, see Scan Status.

    • Duration — The total time elapsed while running the scan.

    • Import Start — The date and time Tenable Security Center started the scan result import.

    • Import Finish — The date and time Tenable Security Center completed the scan result import.

    • Import Status — The scan result import status. For more information, see Import Status.

    • Import Duration — The total time elapsed during scan result import.

    • Owner — The username for the user who added the scan.

    • Group — The group associated with the scan.

    • ID — The scan result ID.

    Tenable Synchronization Data

    View synchronization summary data:

    • Status — The status of the Tenable Lumin synchronization containing this scan result data:

      • Not Synced — The repository containing this scan result data is not configured for Tenable Lumin synchronization.

      • Syncing — The Tenable Lumin synchronization containing this scan result data is in progress.

      • Finished — The most recent synchronization that included this scan result data succeeded.

      • Error — An error occurred. For more information, see View Tenable One Data Synchronization Logs.

    • Start Time — The date and time Tenable Security Center started the most recent transfer of data to Tenable Vulnerability Management.

    • Finish Time — The date and time Tenable Security Center finished the most recent transfer of data to Tenable Vulnerability Management.

    • Duration — The total time elapsed during the most recent transfer of data to Tenable Vulnerability Management.

    • Details — If the Status is Error, details about the error.

    For more information about Tenable Lumin synchronization, see Tenable One Synchronization.

Filter Scan Results

To filter scan results:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. To filter the scan results:

    Click the filter icon. Filters allow you to view only desired scan results. Filter parameters include:

    • Access - filters by whether the scan is manageable or usable.

    • Group - filters by the groups that can access the scans.

    • Name - filters by the scan name.

    • Owner - filters by the scan owner.

    • Scan Policy - filters by the scan policy.

    • Status - filters by the scan status.

    • Time (Created) - filters by when the scan result was created.

    • Time (Finished) - filters by when the scan finished running.

    • Type - filters by the type of scan.

  4. To remove all filters:

    • Under the filter options, click Clear Filters.

      Note: To return to the default filter for your user account, refresh your browser window. The number in gray next to the filter displays how many filters are currently in use.

Download Scan Results

To download scan results:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. Right-click the row for the scan.

    The actions menu appears.

    -or-

    Select the check box for the scan.

    The available actions appear at the top of the table.

  4. Select Download.

    Tip: On a standard scan, you can download a Tenable Nessus results file. If the scan contains SCAP results, you can use an additional option to download the SCAP results.

Import Scan Results

To import scan results:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. Right-click the row for the scan.

    The actions menu appears.

    -or-

    Select the check box for the scan.

    The available actions appear at the top of the table.

  4. Select Import.

    Tip: This option is useful for cases where a scan may have not fully imported after completion. For example, if Tenable Security Center blocked a scan because importing it would have exceeded the licensed IP address count, you can increase the IP address count, then import the scan results previously not imported.

Upload Scan Results

You can upload active or agent scan results from scans performed by other systems. Tenable Security Center supports either raw (.nessus) or compressed (.zip) files, with one .nessus file per archive before uploading. This allows you to import scan results from scans run in remote locations without network connectivity to Tenable Security Center.

Note: To upload files greater than 300 MB to Tenable Security Center, you must modify upload_max_filesize in /opt/sc/support/etc/php.ini to accommodate the larger uploads.

Scan Result-Repository Incompatibility

Caution:Tenable does not recommend importing scan results to incompatible repositories since data may be omitted.

If you upload agent scan results to a non-agent repository, Tenable Security Center omits all vulnerabilities without IP Address data for the host. Non-agent repositories cannot uniquely identify hosts without IP Address data for the host.

If you upload non-agent scan results to an agent repository, Tenable Security Center omits all vulnerabilities without Agent ID data for the host. Agent repositories cannot uniquely identify hosts without Agent ID data for the host.

To upload scan results:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. At the top of the table, click Upload Scan Results.

  4. In the Scan File option, click Choose File.

    The file uploads to Tenable Security Center.

  5. In the Import Repository drop-down box, select a repository.

  6. If you selected an IPv4, IPv6, or Universal repository, enable or disable the Advanced options: Scan Virtual Hosts, Track hosts which have been issued new IP address, and Immediately remove vulnerabilities from scanned hosts that do not reply.

    For more information about the advanced options, see Active Scan Settings.

  7. Click Submit.

    Tenable Security Center saves your configuration.

Share Scan Results

To share scan results with other users:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. Right-click the row for the scan.

    The actions menu appears.

    -or-

    Select the check box for the scan.

    The available actions appear at the top of the table.

  4. Select Copy.

    Selecting a Group from the drop-down box displays a list of users from that group. You can select one or more users from the list.

Send a Copy of Scan Results

To send a copy of the scan results to users without access to Tenable Security Center:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. Right-click the row for the scan.

    The actions menu appears.

    -or-

    Select the check box for the scan.

    The available actions appear at the top of the table.

  4. Select Email.

Generate a Report for Scan Results

To generate a report for the scan results based on a preconfigured report:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. Right-click the row for the scan.

    The actions menu appears.

    -or-

    Select the check box for the scan.

    The available actions appear at the top of the table.

  4. Select Send to Report.

    Tenable Security Center sends the scan results to a report.

Pause or Resume a Scan

To pause or resume a running scan:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. In the row for the scan, click the pause or play button, as described in Start or Pause a Scan.

Delete Scan Results

To delete a set of scan results from Tenable Security Center:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Scan Results.

    The Scan Results page appears.

  3. Right-click the row for the scan.

    The actions menu appears.

    -or-

    Select the check box for the scan.

    The available actions appear at the top of the table.

  4. Select Delete.

    Tenable Security Center deletes the scan results.